What term describes the practice of manipulating people to gain confidential information?

The practice of manipulating people to gain confidential information is known as social engineering. This term encompasses a wide range of tactics used by attackers to deceive individuals into divulging sensitive information, such as passwords, credit card numbers, or other confidential details.

Social engineering relies heavily on psychological manipulation, exploiting human emotions like fear, trust, or urgency to prompt individuals to act against their better judgment. For example, an attacker may pose as a trustworthy figure, such as an IT support staff member, to convince an employee to provide access credentials.

While phishing is a specific technique within social engineering that typically involves fraudulent emails or messages aimed at tricking individuals into giving away information, social engineering covers all forms of human manipulation, whether they occur online or in face-to-face interactions. This broader scope is what distinguishes social engineering from other choices, like hacking or technical exploitation, which focus more on technical vulnerabilities rather than human factors.